Free cookie consent management tool by TermsFeed Policy Generator

source: trunk/sources/HeuristicLab.Hive.Contracts/3.2/WcfSettings.cs @ 1584

Last change on this file since 1584 was 1579, checked in by mbecirov, 16 years ago

#528: WCF Service secured - you need to install the certificate in order to run the application properly!

File size: 3.2 KB
Line 
1#define USE_MSG_BINDING
2using System;
3using System.Collections.Generic;
4using System.Linq;
5using System.Text;
6using System.ServiceModel.Channels;
7using System.ServiceModel;
8using System.Security.Cryptography.X509Certificates;
9using System.Net;
10
11namespace HeuristicLab.Hive.Contracts {
12  public static class WcfSettings {
13
14    public const string SERVERCERT = "HIVE-Server";
15    public const int DEFAULTPORT = 9000;
16   
17    /// <summary>
18    /// Gets a pre-defined binding using TCP for secure transport.
19    /// </summary>
20    /// <returns>A binding type of <see cref="NetTcpBinding"/></returns>
21    public static Binding GetBinding() {
22#if USE_MSG_BINDING
23      NetTcpBinding binding = new NetTcpBinding(SecurityMode.Message);
24#else
25      NetTcpBinding binding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential);
26      binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
27#endif
28      return binding;
29    }
30
31    /// <summary>
32    /// Defines the used certificate for authentification located in a certification store.
33    /// </summary>
34    /// <param name="svchost">A service for which this certificate is applicable.</param>
35    public static void SetServiceCertificate(ServiceHost svchost) {
36      svchost.Credentials.ServiceCertificate.SetCertificate(
37        StoreLocation.LocalMachine,
38        StoreName.My,
39        X509FindType.FindBySubjectName,
40        SERVERCERT);
41    }
42
43    /// <summary>
44    /// Gets the currently active IP address.
45    /// <remarks>If more than one IP connections is active, the first one will be used.</remarks>
46    /// </summary>
47    /// <returns></returns>
48    public static string GetActiveIP() {
49      return System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().GetActiveTcpConnections()[0].LocalEndPoint.Address.ToString();
50    }
51
52    /// <summary>
53    /// Gets the default port used for HIVE services.
54    /// </summary>
55    /// <returns></returns>
56    public static int GetDefaultPort() {
57      return DEFAULTPORT;
58    }
59  }
60
61  /// <summary>
62  /// This class verifies the certificate defined by <see cref="SetServerCertificate"></see> method. Normally,
63  /// the verification process is managed by the underlying operating system.
64  /// </summary>
65  /// <remarks>
66  /// WARNUNG: Dieser Code wird nur für Testzertifikate benötigt, wie sie beispielsweise von makecert erstellt werden.
67  /// Sie sollten diesen Code nicht in einer Produktionsumgebung verwenden.
68  /// </remarks>
69  public class PermissiveCertificatePolicy {
70    string subjectName;
71    static PermissiveCertificatePolicy currentPolicy;
72    PermissiveCertificatePolicy(string subjectName) {
73      this.subjectName = subjectName;
74      ServicePointManager.ServerCertificateValidationCallback +=
75          new System.Net.Security.RemoteCertificateValidationCallback(RemoteCertValidate);
76    }
77
78    public static void Enact(string subjectName) {
79      currentPolicy = new PermissiveCertificatePolicy(subjectName);
80    }
81
82    bool RemoteCertValidate(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error) {
83      if (cert.Subject == subjectName) {
84        return true;
85      }
86      return false;
87    }
88  }
89}
Note: See TracBrowser for help on using the repository browser.